Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt
Yaron Sheffer <yaronf@checkpoint.com> Sat, 22 August 2009 05:25 UTC
Return-Path: <yaronf@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 307623A68A9 for <ipsec@core3.amsl.com>; Fri, 21 Aug 2009 22:25:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level:
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RUU6R4LLLFKq for <ipsec@core3.amsl.com>; Fri, 21 Aug 2009 22:25:42 -0700 (PDT)
Received: from dlpdemo.checkpoint.com (dlpdemo.checkpoint.com [194.29.32.54]) by core3.amsl.com (Postfix) with ESMTP id 524FA3A680E for <ipsec@ietf.org>; Fri, 21 Aug 2009 22:25:41 -0700 (PDT)
Received: by dlpdemo.checkpoint.com (Postfix, from userid 105) id D760F29C002; Sat, 22 Aug 2009 08:26:08 +0300 (IDT)
Received: from michael.checkpoint.com (michael.checkpoint.com [194.29.32.68]) by dlpdemo.checkpoint.com (Postfix) with ESMTP id 2E47C200456; Sat, 22 Aug 2009 08:26:08 +0300 (IDT)
X-CheckPoint: {4A8F805B-0-14201DC2-1FFFF}
Received: from il-ex01.ad.checkpoint.com (localhost [127.0.0.1]) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id n7M5Pi3d015416; Sat, 22 Aug 2009 08:25:44 +0300 (IDT)
Received: from il-ex01.ad.checkpoint.com ([126.0.0.2]) by il-ex01.ad.checkpoint.com ([194.29.32.26]) with mapi; Sat, 22 Aug 2009 08:25:45 +0300
From: Yaron Sheffer <yaronf@checkpoint.com>
To: Jack Kohn <kohn.jack@gmail.com>, "ipsec@ietf.org" <ipsec@ietf.org>
Date: Sat, 22 Aug 2009 08:25:42 +0300
Thread-Topic: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt
Thread-Index: AcoirTRnqVRsgGQwQdaeQivF367TsAAOR1wA
Message-ID: <7F9A6D26EB51614FBF9F81C0DA4CFEC80158E120B3E1@il-ex01.ad.checkpoint.com>
References: <20090810234501.D0BF03A6E8C@core3.amsl.com> <dc8fd0140908211517y3850c4a0w1edc78513c183aaa@mail.gmail.com>
In-Reply-To: <dc8fd0140908211517y3850c4a0w1edc78513c183aaa@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_002F_01CA2302.238DC200"
MIME-Version: 1.0
Cc: "Bhatia, Manav (Manav)" <manav@alcatel-lucent.com>, "Grewal, Ken" <ken.grewal@intel.com>, "g_e_montenegro@yahoo.com" <g_e_montenegro@yahoo.com>, "paul.hoffman@vpnc.org" <paul.hoffman@vpnc.org>
Subject: Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Aug 2009 05:25:44 -0000
Hi Jack, I believe it is essential that both this draft and the ESP-null Heuristics draft contain language that clarifies how they relate to one another. I posted some text to the list on Aug. 11, and I am still awaiting approval from the Heuristics group of authors. When we have this point resolved, the draft is ready to move forward. Thanks, Yaron _____ From: Jack Kohn [mailto:kohn.jack@gmail.com] Sent: Saturday, August 22, 2009 1:18 To: ipsec@ietf.org Cc: Yaron Sheffer; Grewal, Ken; paul.hoffman@vpnc.org; g_e_montenegro@yahoo.com; Bhatia, Manav (Manav) Subject: Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic-visibility-07.txt I believe this draft had cleared the WG LC long time back. What else are the chairs/authors waiting for? Jack On Tue, Aug 11, 2009 at 5:15 AM, <Internet-Drafts@ietf.org> wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : Wrapped ESP for Traffic Visibility Author(s) : K. Grewal, et al. Filename : draft-ietf-ipsecme-traffic-visibility-07.txt Pages : 14 Date : 2009-08-10 This document describes the Wrapped Encapsulating Security Payload (WESP) protocol, which builds on top of Encapsulating Security Payload (ESP) [RFC4303] and is designed to allow intermediate devices to ascertain if ESP-NULL [RFC2410] is being employed and hence inspect the IPsec packets for network monitoring and access control functions. Currently in the IPsec standard, there is no way to differentiate between ESP encryption and ESP NULL encryption by simply examining a packet. This poses certain challenges to the intermediate devices that need to deep inspect the packet before making a decision on what should be done with that packet (Inspect and/or Allow/Drop). The mechanism described in this document can be used to easily disambiguate ESP-NULL from ESP encrypted packets, without compromising on the security provided by ESP. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-traffic-visibility-07 .txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
- [IPsec] I-D Action:draft-ietf-ipsecme-traffic-vis… Internet-Drafts
- Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic… Jack Kohn
- Re: [IPsec] I-D Action:draft-ietf-ipsecme-traffic… Yaron Sheffer